AMENDMENTS TO THE CLAIMS:

This listing of claims will replace all prior versions and listings of claims in the application:

Listing of Claims:

Claim 1. (Currently Amended) A method for authorizing a user on a computer network using chained mapping records, the method including:

receiving a digital certificate for a user requesting access to said computer network;

comparing a distinguished name or a partial distinguished name corresponding to digital certificate user with a plurality of mapping records;

replacing a variable from a first matching mapping record with an environmental factor to create a first search criteria, the first matching mapping record indicating the distinguished name or the partial distinguished name, wherein the environmental factor includes one or more system or application statuses in effect at the time the user signs-on the computer network[,] operable for enabling thereby allowing the first matching mapping record to point to multiple user identifications;

comparing the first search criteria with the plurality of mapping records; and

generating an authorization indicator responsive to at least one of comparing the distinguished name or a partial distinguished name and comparing the first search criteria with the plurality of mapping records.

Claim 2. (Previously Presented) The method of claim 1, wherein the generating an authorization indicator includes generating a security context control block using a user identification from a second matching mapping record, the second matching mapping record indicating the first search criteria.

Claim 3. (Previously Presented) The method of claim 1, further including:
PO9-99-l51/m2-0005 2
replacing a variable from a second matching mapping record with the environmental factor to create a second search criteria, the second matching mapping record indicating the first search criteria.

Claim 4. (Previously Presented) The method of claim 3, wherein the generating an authorization indicator includes generating a security context control block using a user identification from a third matching mapping record, the third matching mapping record indicating the second search criteria.

Claim 5. (Original) The method of claim 1, further including:

eliminating a portion of an X.500 distinguished name to create the partial distinguished name used in said comparing the partial distinguished name with the plurality of mapping records.

Claim 6. (Previously Presented) The method of claim 1, wherein the generating an authorization indicator includes generating a security context control block using a user identification from the first matching mapping record if the first matching mapping record includes the user identification.

Claim 7. (Previously Presented) The method of claim 1, wherein comparing the distinguished name or the partial distinguished name corresponding to the user with a plurality of mapping records includes comparing an X.500 distinguished name of the user with the plurality of mapping records.

Claim 8. (Currently Amended) The method of claim 1, wherein the environmental factor includes a system status existing at the time the user signs-on the computer network and replacing a variable includes replacing the variable from the first matching mapping record with said the system status.

Claim 9. (Currently Amended) A system for authorizing a user on a computer network using chained mapping records, the system including:

a digital certificate means for receiving a distinguished name over said computer network, said distinguished name corresponding to the user;

a distinguished name mapping record within a directory database, said distinguished name mapping record of at least a portion of said distinguished name, said distinguished name mapping record including a first data field, said first data field including a first variable indicative of a first environmental factor, wherein the first environmental factor includes one or more system or application statuses in effect at the time said digital certificate is received[,] operable for enabling thereby allowing said first matching mapping record to point to multiple user identities;

a first criteria mapping record corresponding to a first state of said first environmental factor, said first criteria mapping record including a second data field, said second data field including a first user identity; and

a mapping process configured to receive said digital certificate, wherein said mapping process generates a security context control block using said first user identity in response to said first state of said first environmental factor.

Claim 10. (Original) The system of claim 9, further including:

a second criteria mapping record corresponding to a second state of said first environmental factor, said second criteria mapping record including a third data field, said third data field including a second user identity, and

wherein said mapping process is further configured to generate a security context control block using said second user identity in response to said second state of said first environmental factor.

Claim 11. (Original) The system of claim 9, further including:

a second criteria mapping record corresponding to a second state of said first environmental factor, said second criteria mapping record including a third data field, said third data field including a second variable indicative of a second environmental factor;

a third criteria mapping record corresponding to said second environmental factor, said third criteria mapping record including a fourth data field, said fourth data field including a second user identity; and

wherein said mapping process is further configured to generate a security context control block using said second user identity in response to said second state of said first environmental factor and said third environmental factor.

Claim 12. (Original) The system of claim 9, wherein said distinguished name is an X.500 distinguished name.

Claim 13. (Original) The system of claim 10, wherein said first user identity represents a first level of network authorization, and said second user identity represents a second level of network authorization.

Claim 14. (Original) The system of claim 9, wherein said first environmental factor is a network status at the time said digital certificate is received by said mapping process.

Claim 15. (Original) The system of claim 9, wherein said first environmental factor is an application status at the time said digital certificate is received by said mapping process.

Claim 16. (Original) The system of claim 9, wherein said first environmental factor is included in said digital certificate.

Claim 17. (Currently Amended) A storage medium encoded with machine-readable computer program code for authorizing a user on a computer network using chained mapping records, the storage medium including instructions for causing a computer to implement a method comprising:

comparing a distinguished name or a partial distinguished name corresponding to the user with a plurality of mapping records;

replacing a variable from a first matching mapping record with an environmental factor to create a first search criteria, the first matching mapping record indicating the distinguished name or the partial distinguished name, wherein the environmental factor includes one or more system or application statuses in effect at the time the user signs-on on the computer network[,] operable for enabling thereby allowing the first matching mapping record to point to multiple user identifications;

comparing the first search criteria with the plurality of mapping records; and

generating an authorization indicator responsive to at least one of comparing the distinguished name or a partial distinguished name and comparing the first search criteria with the plurality of mapping records.

Claim 18. (Previously Presented) The storage medium of claim 17, wherein the generating an authorization indicator includes generating a security context control block using a user identification from a second matching mapping record, the second matching mapping record indicating the first search criteria.

Claim 19. (Previously Presented) The storage medium of claim 17, further comprising instructions for causing a computer to implement:

replacing a variable from a second matching mapping record with the environmental factor to create a second search criteria, the second matching mapping record indicating the first search criteria.

Claim 20. (Previously Presented) The storage medium of claim 19, wherein the generating an authorization indicator includes generating a security context control block using a user identification from a third matching mapping record, the third matching mapping record indicating the second search criteria.

Claim 21. (Original) The storage medium of claim 17 further comprising instructions for causing a computer to implement:

eliminating a portion of an X.500 distinguished name to create the partial distinguished name used in said comparing the partial distinguished name with the plurality of mapping records.

Claim 22. (Previously Presented) The storage medium of claim 17 wherein the generating an authorization indicator includes generating a security context control block using a user identification from the first matching mapping record if the first matching mapping record includes the user identification.

Claim 23. (Previously Presented) The storage medium of claim 17, wherein comparing the distinguished name or the partial distinguished name corresponding to the user with a plurality of mapping records includes comparing an X.500 distinguished name of the user with the plurality of mapping records.

Claim 24. (Currently Amended) The storage medium of claim 17, wherein the environmental factor includes a system status existing at the time the user signs-on the computer network and replacing a variable includes replacing the variable from the first matching mapping record with said the system status.
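
A sketch of the chained lookup recited in claims 1 to 6, added here as an illustration and not taken from the application. The record layout, the `&NAME` variable syntax, the comma-split handling of the distinguished name, the chain limit and every sample record are assumptions.

```python
# Added illustration of the chained mapping-record lookup in claims 1-6.
# Record layout, "&NAME" variables and all sample values are constructed.
import re

# key -> either a user ID or a criteria template that contains variables
RECORDS = {
    "OU=Payroll,O=Example,C=US": "APP=&APPLID",      # first matching record
    "APP=PAYROLL": "APP=PAYROLL.SYS=&SYSID",         # second record chains again
    "APP=PAYROLL.SYS=PROD": "PAYUSER",
    "APP=PAYROLL.SYS=TEST": "PAYTEST",
    "APP=BROWSE": "GUEST",
    "O=Example,C=US": "EXUSER",                      # holds a user ID directly
}
VAR = re.compile(r"&([A-Z]+)")
MAX_CHAIN = 4  # assumed bound so a loop between records cannot run forever


def partial_names(dn):
    """Yield the full DN, then partial DNs with leading RDNs removed (claim 5).

    Splitting on "," is a simplification; escaped commas are not handled.
    """
    rdns = [r.strip() for r in dn.split(",")]
    for i in range(len(rdns)):
        yield ",".join(rdns[i:])


def authorize(dn, env, records=RECORDS):
    """Return the mapped user ID, or None when the chain does not resolve."""
    # Compare the DN, then each partial DN, with the mapping records.
    value = next((records[n] for n in partial_names(dn) if n in records), None)
    for _ in range(MAX_CHAIN):
        if value is None:
            return None                  # no matching record: not authorized
        if not VAR.search(value):
            return value                 # record holds a user ID (claim 6)
        try:
            # Replace each variable with the environmental factor in effect
            # at sign-on to build the next search criteria.
            criteria = VAR.sub(lambda m: env[m.group(1)], value)
        except KeyError:
            return None                  # unknown variable: fail closed
        value = records.get(criteria)    # compare the criteria with the records
    return None                          # chain too long: fail closed
```

The same certificate resolves to different user IDs depending on `env`, which is the effect the amended wording describes as one mapping record pointing to multiple user identifications; every unresolved path returns `None` rather than a default identity.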